Limited Authorized Personal Use of NIH Information Technology (IT) Resources
This is only an abbreviated version of the policy requirements; staff is encouraged to become familiar with the entire policy.
Important: NIH Managers are responsible for ensuring that they and their staff are aware of this policy and for taking appropriate and immediate action when unauthorized or inappropriate use of IT resources is suspected or known.
NIH staff is permitted limited personal use of authorized IT resources if the use:
- is incidental and involves minimal additional expense to the government
- doesn’t interfere with staff productivity, the NIH mission or operations
- occurs during non-work time
- is not used to misrepresent oneself or NIH
- doesn’t have the potential to cause public embarrassment to NIH
- doesn’t compromise the integrity of any NIH system or system security safeguards
- doesn’t violate federal laws or policies or any provisions of this policy or other NIH policies
Prohibited Uses based on federal laws and regulations:
- Anti-Lobbying Statutes, e.g., Lobbying Congress on behalf of causes, individuals, or organizations; promoting or conducting political activities;
- Copyright Act, e.g., violating copyrights or software licensing agreements by installing, downloading, or copying (in whole or in part) copyrighted materials in any format;
- Privacy and Freedom of Information Acts, e.g., accessing or using information inappropriately which is protected by the Privacy Act, or other federally mandated confidentiality provisions including the release of trade secrets, confidential business information, and other government information that is not available to the public;
- Standards of Ethical Conduct for Employees of the Executive Branch, e.g., making use of NIH IT resources for commercial purposes or in support of for profit activities, e.g., running a private business. See the detailed listing of "Principles of Ethical Conduct" available on the NIH Office of Government Ethics web site; and,
- Other illegal activities or activities otherwise prohibited by federal regulations, including creating, downloading, intentionally viewing, storing, copying or transmitting materials that exhibit or imply involvement with gambling, illegal weapons or drugs, child pornography, terrorism, and related activities.
Prohibited Uses based on the concern for causing unnecessary costs, congestion, disruption, or damage to government IT services, systems or equipment, or in a manner that demeans other staff, groups, individuals, and organizations:
- Using large amounts of bandwidth (data transmission exchange) for activities that are not related to NIH business, professional development, or is needed to accommodate staff with disabilities in accordance legislative mandates. Activities that use large amounts of bandwidth include: sending chain letters, e-mailing or downloading large files, e.g., music, graphics, games, videos, etc., using continuous on-line connections for data or video streaming, interactive/on-line games, music, or other similar activities;
- Intentionally or unintentionally permitting the use of NIH IT resources by unauthorized persons, e.g., allowing use by friends, family or others;
- Overriding or avoiding NIH security and system integrity procedures and devices or using NIH systems as staging ground to compromise the security of NIH and non-NIH systems;
- Intentionally accessing, viewing, disseminating, or storing offensive or disparaging information or graphical depictions, including hate, sexually explicit, violent, or racist materials;
- Installing and using hardware and/or software that is not in accordance with NIH or IC internal guidance.
- Conducting or participating in fund drives or monetary charitable events. The Combined Federal Campaign is the only authorized solicitation of federal employees for money.
- Creating, receiving, transmitting, or storing any information that is considered 'classified' which could potentially compromise national security and/or cause public alarm (e.g., unconfirmed health epidemic);
- Establishing web pages, blogs or other social media applications, unless specifically pre-authorized (or approved) by management for official NIH business.
- Using NIH logos or titles to misrepresent personal materials or intentionally misrepresenting, either implicitly or explicitly, personal views or comments in electronic forums or e-mail as official NIH or IC policy or position.